Add secp256k1eth pkcs11 support [1/4]#24
Conversation
Greptile SummaryThis PR refactors the PKCS#11 signer (moving it into its own
Confidence Score: 3/5The refactor and new secp256k1eth support are well-structured, but RecoverCompact lacks the digest length guard present in RecoverDER, which can cause silent misbehaviour if a non-32-byte hash is passed. The new RecoverCompact function omits the len(digest) != 32 check that its sibling RecoverDER enforces before calling the shared recoverSig helper. The PKCS#11 Sign path passes raw signBytes as the digest; if those bytes are not exactly 32 bytes, key recovery silently exhausts both recovery candidates and returns a cryptic error rather than a clear diagnostic. The rest of the change — the refactor into signer.go, the algo registry extension, and the DER→compact split — is clean and low-risk. signing/ecdsasig/ecdsasig.go — RecoverCompact needs the digest length guard; signing/pkcs11/algo.go has two minor comment issues. Important Files Changed
|
| // RecoverCompact decodes an r‖s signature (2x32 bytes) | ||
| // and returns r‖s‖v (65 bytes) with recovery byte and low-S normalized. | ||
| func RecoverCompact(rs, digest []byte, pub *secp256k1.PublicKey) ([]byte, error) { | ||
| r, s, err := decodeRSCompact(rs) | ||
| if err != nil { | ||
| return nil, err | ||
| } | ||
| return recoverSig(r, s, digest, pub) | ||
| } |
There was a problem hiding this comment.
Missing 32-byte digest guard in
RecoverCompact
RecoverDER explicitly validates len(digest) != 32 before calling recoverSig, but the new RecoverCompact skips that check entirely. Both ultimately call ecdsa.RecoverCompact(compact, digest), which expects a 32-byte hash. When the PKCS#11 signer passes signBytes as the digest argument and those bytes are not exactly 32 bytes (e.g., if a caller mistakenly passes full consensus sign-bytes), key recovery will silently fall through the v = 0/1 loop and return the opaque error "no 0/1 recovery id recovers the public key" instead of the actionable "digest must be 32 bytes" message that RecoverDER would emit.
| return ecdsasig.RecoverCompact(raw, digest, dpub) | ||
| } | ||
|
|
||
| // decodeEd25519Pub turns a CKA_EC_POINT value into aa byte array. |
There was a problem hiding this comment.
| // decodeEd25519Pub turns a CKA_EC_POINT value into aa byte array. | |
| // decodeEd25519Pub turns a CKA_EC_POINT value into a byte array. |
Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!
Refactors the pkcs11 implementation to align with awskms--moves the signer to its own file.
Adds
secp256k1ethsigning support in pkcs11. This involves refactoring some of theecdsasiglibrary to support formats different from the DER encoding that awskms returns.